General

  • Target

    sogou_pinyin_guanwang1.cab

  • Size

    150.4MB

  • MD5

    13f9c74781d5d8db24d1cd9bb55595ea

  • SHA1

    939ff8d3b4194ddf30a778efcdbefdb12e738bde

  • SHA256

    3dfd9d08967203845a7d25d0ca7c248f12e8d52d50644ef89b0b80b283896785

  • SHA512

    1a546d7a1a3c885d2d8f4fcb5eb6c92d36b2cbb5d9c11ae2e09ffbe190e04e80d5286909076e67111c8a5d494ae9e13f2e9288b84ae9e8e3330208417f6a9544

  • SSDEEP

    3145728:phObRuIVs6aVykHwhk8ts8sD/5rJspQXw62FNPOkt:psRuWs6aysb/5rfowkt

Score
7/10
upx

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • sogou_pinyin_guanwang1.cab
    .cab
  • WindowsProgram.msi
    .msi .vbs polyglot
  • sogou_pinyin_guanwang.exe
    .exe windows:5 windows x86 arch:x86

  • $PLUGINSDIR/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • $PLUGINSDIR/ImageMagik.dll
    .dll windows:6 windows x86 arch:x86

    f204f2299a0324f196a8576faef59e72

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:5 windows x86 arch:x86

    cd90e33ffbc335413a25300c682c83df

  • $PLUGINSDIR/SetupFlash.swf
  • $PLUGINSDIR/SetupLib.dll
    .dll windows:6 windows x86 arch:x86

    b7d3cc98eeef23680dc67f5bf5f2b60f

  • $PLUGINSDIR/SetupLibNew.dll
    .dll windows:6 windows x86 arch:x86

    67f9b2c634636449e612e5569d89aff9

  • $PLUGINSDIR/SetupUi.cupf
  • $PLUGINSDIR/SogouPY.ime
    .dll windows:6 windows x86 arch:x86

    71178e1c78bcd4cde4b4c9633d1227c5

  • $PLUGINSDIR/SogouPY64.ime
    .dll windows:6 windows x64 arch:x64

    36f69c31821e031700c418fe9577cb11

  • $PLUGINSDIR/System.dll
    .dll windows:5 windows x86 arch:x86

    039bcbc605477e8e87ec550c2e60e748

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/setuppage.zip
    .zip
  • font.xml
  • img/bg_hole.png
    .png
  • img/browseclick.svg
  • img/browsedisable.svg
  • img/browsehover.svg
  • img/browsenormal.svg
  • img/buttoninstallclick.svg
  • img/buttoninstalldisable.svg
  • img/buttoninstallhover.svg
  • img/buttoninstallnormal.svg
  • img/closeclick.svg
  • img/closedisable.svg
  • img/closehover.svg
  • img/closenormal.svg
  • img/closenormalclick.svg
  • img/closenormaldisable.svg
  • img/closenormalhover.svg
  • img/closenormalnormal.svg
  • img/customizebuttonclick.svg
  • img/customizebuttondisable.svg
  • img/customizebuttonhover.svg
  • img/customizebuttonnormal.svg
  • img/filebg.svg
  • img/gouxuanselected.svg
  • img/icon.svg
  • img/installbg1.svg
  • img/installbg2.svg
  • img/installfinish.svg
  • img/installfinish_no_yyb.svg
  • img/itemuse_hover.svg
    .xml
  • img/itemuse_normal.svg
    .xml
  • img/itemuse_push.svg
    .xml
  • img/logo_bg_1.png
    .png
  • img/logo_bg_1.svg
    .xml
  • img/miniclick.svg
  • img/minidisable.svg
  • img/minihover.svg
  • img/mininormal.svg
  • img/miniprogressclick.svg
  • img/miniprogressdisable.svg
  • img/miniprogresshover.svg
  • img/miniprogressnormal.svg
  • img/packupclick.svg
  • img/packupdisable.svg
  • img/packuphover.svg
  • img/packupnormal.svg
  • img/pathinputactive.svg
  • img/pathinputdisable.svg
  • img/pathinputhover.svg
  • img/pathinputnormal.svg
  • img/popup_close_disable.svg
    .xml
  • img/popup_close_hover.svg
    .xml
  • img/popup_close_normal.svg
    .xml
  • img/popup_close_push.svg
    .xml
  • img/popup_ok_hover.svg
    .xml
  • img/popup_ok_normal.svg
    .xml
  • img/popup_ok_push.svg
    .xml
  • img/process.svg
  • img/progressbar.svg
  • img/search_suggest_tip_hover.svg
  • img/search_suggest_tip_normal.svg
  • img/search_suggest_tips_bak.svg
  • img/slideshow/1.svg
  • img/slideshow/2.svg
  • img/slideshow/3.svg
  • img/slideshow/4.svg
  • img/slideshow/5.svg
    .xml
  • img/slideshow/6.svg
  • img/slideshow/7.svg
  • img/tipsbg.svg
  • img/ungouxuanclick.svg
  • img/ungouxuanhover.svg
  • img/ungouxuannormal.svg
  • img/warning_popup_icon.svg
    .xml
  • searchsuggesttips.xml
  • setuppage.xml
  • slideshow.xml
  • sogoumessage.xml
  • style.xml
  • $SYSDIR/SogouPY.ime
    .dll windows:6 windows x86 arch:x86

    71178e1c78bcd4cde4b4c9633d1227c5

  • $SYSDIR/SogouPY.ime~
    .dll windows:6 windows x86 arch:x86

    71178e1c78bcd4cde4b4c9633d1227c5

  • $_15_/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • 14.7.0.9739/HWSignature.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • 14.7.0.9739/ImageMagik.dll
    .dll windows:6 windows x86 arch:x86

    f204f2299a0324f196a8576faef59e72

  • 14.7.0.9739/SetupUi.cupf
  • SogouExe/HWSignatureEx.dll
    .dll windows:6 windows x86 arch:x86

    cdd42c264bacf432f4003380d6c8ce27

  • out.upx
    .exe windows:5 windows x86 arch:x86
